Posted by CmdrTaco on Tuesday February 15, 2011 @06:00PM
from the i-feel-safer-already dept.

dcblogs writes "The White House 2012 budget seeks a 35% increase to $548 million in cybersecurity research and development, including funds to help DARPA mitigate the risk of insider threats. Think WikiLeaks. Improving control system security, post Stuxnet, was also cited as a priority. Overall, the budget seeks $66.1 billion for basic and applied research across all areas, an 11.6% increase. Some areas called out for special focus by the White House include robotics. The feds have already started offering grants for the development of 'co-robots,' which are 'systems that can safely co-exist in close proximity to or in physical contact with humans in the pursuit of mundane, dangerous, precise or expensive tasks.' The US also wants to focus research on nanomanufacturing, 'and the merging of self-assembly with lithography to achieve large-scale predictable placement of nanoscale components.'"

The key is to realize that we could defend our country just fine on half of the budget.

Unfortunately you'll find neither major party willing to say that because they're all in the pocket of defense contractors. Like most things, third parties and independents are the answer...

Ahh, but how does a third party get elected or how do we change the positions of the big parties to fix the problem? Personally I think the answer is lobbying reform. That should be the swing issue tackled, rather than the level of government spending. Allow me to explain.

Most Americans when polled can't agree on programs where money should be cut that will significantly reduce spending. You'll have a hard time finding any significant area of spending where 50% of citizens want cuts. At the same time polls show something like 80% of Americans in favor of banning lobbying by corporations, more than 90% in favor of banning lobbying by foreign governments. There's even popular support for making it illegal for lobbyists to so much as organize fundraisers. And yet nothing is done. This is because our current elected officials pretty much universally benefit from current laws.

There is popular support to back a reform candidate, third party, or subset of a major party that focuses on the issue of government corruption, and the influence of lobbyists. People get mad about lobbying and corruption and they are right to do so. This just needs to be harnessed to get people elected on promises of doing something about it. If the tea party, for example, focused on that topic they'd be getting a lot more support from the other end of the political spectrum, of course since the tea party is largely run, promoted, and marketed by lobbyists this is unlikely. Still, a real grassroots campaign could be run.

Rather than supporting third parties and hoping they'll help, why not focus on why all congress critters are in the pockets of defense contractors in the first place. It's because the lobbyists of those defense contractors get them elected by supporting their party's coffers, organizing fundraisers, and sometimes directly running media campaigns. The public doesn't want that and making it an issue can get those people to stop relying upon those lobbyists or get them replaced by others not suckling at their teat. A solid strategy is better than throwing your vote behind a losing candidate as a protest. The focus should be on lobbying reform and let the chips fall where they may.

So, you think we should make it illegal for people to pool their money and hire someone to spend fulltime keeping track of what Congress is doing and then report back to the group. Additionally, this person will take the opinions of the group and communicate them to various members of Congress, so that the members of Congress will know what those of their constituents who are members of this group think of various laws bills being considered by Congress.
Of course, that would require a Constitutional Amendment since the Constitution says: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
While you can interpret it differently, everything lobbyists do can be interpreted as petitioning the Government for redress of grievances. And everything that you can do to petition the Government for redress of grievances can be interpreted as lobbying.

So, you think we should make it illegal for people to pool their money and hire someone to spend fulltime keeping track of what Congress is doing and then report back to the group.

Nope, just illegal for the group to incorporate then give money to election funds or run politically themed ads.

Additionally, this person will take the opinions of the group and communicate them to various members of Congress, so that the members of Congress will know what those of their constituents who are members of this group think of various laws bills being considered by Congress.

And I personally have no problem with privately funded special interest groups, provided those groups don't provide government employees with bribes in the form of free travel accommodations, meals, etc.

Of course, that would require a Constitutional Amendment...

While I'm thinking of a different set of restrictions than you seem to be, likely there would need to be a constitutional amendment. Currently the Supreme Court precedent interprets the 14th amend

Ahh, but how does a third party get elected or how do we change the positions of the big parties to fix the problem?

Reform the electoral system, for one thing.

Ahh, but that's a chicken and egg problem. If we reformed the electoral process we'd be able to elect more third parties, but why would the current politicians vote for it? Most individuals don't care about or understand more modern electoral systems and you can bet your ass about 50% of the population would immediately brand it as "foreign socialist fancy math voting" and thereby inferior to what the US is doing (which they probably don't even know).

The next biggest step to a third party getting elected (PROBABLY) is for you and me to vote for them and trust our fellow citizens will vote for who they think is best.

The key is to realize that there's a difference between "defending America" and "defending American interests all over the world".

Defending the American homeland is uncontroversial. Not even Osama Bin Laden himself would have any issue with that. What causes strife is when this is extended to mean "defending America's supplies of foreign goods, especially oil". That is what makes the US military so overstretched, and so astonishingly expensive.

Most attacks have nothing to do with being mad,
Most are organized crime, doing it to make a buck.
The next largest subset are simply vandal type hackers doing it to amuse themselves.
Very few are politically motivated.

I don't see why this is modded flamebait. It's naive to think that, but naive =/= flamebait necessarily.

Does anyone here actually think everything the US does that annoys people with computers is necessary? I mean, former ambassador John Bolton runs around yelling on Fox that we should bomb Iran pretty much every day. If Iran were -reasonable- they'd think about putting child porn on his computer. It certainly doesn't discourage them from funding cyberwarfare against the rest of us.

I think if our government were to take a reasonable response to Wikileaks rather than trying to burn Assange at the stake, Anonymous might be ever-so-slightly less inclined to do some damage to government networks.

There will always be people attacking the US as long as there is a US, sure, but we do encourage a lot of it, and we could ruffle fewer feathers definitely.

Partisanism aside, this is a good thing. Security initiatives are not going to be coming from the business sector because security has no ROI [1]. So, the only real origin of more robust tools to keep the blackhats out are going to have to come from governments.

Of course, my fear is that this security initiative (meant to keep data safe from being exposed, or worse, tampered with), may turn into funding for nastier DRM. Mainly because DRM does seem to have a ROI attached to it while security in general

FTFY. Two examples why this is important:
1. How much security do the TSA scanners bring? How much do they cost?
2. A very recent case showed a group of 3 companies trying to get a contract for 6 months at 2 mils/month. Turned out that one of them wasn't even able to secure its digital assets.

I admit, I didn't say what good security means. Well, that's left as homework... for extra points, see how much of what Obama wants is indeed good security.

Think back ten to fifteen years - Anyone with "dotcom" development experience could double or triple their salary by including that on their resume. Same person, no difference, but it makes the dollars involved higher.

I think originally the prefix cyber- was related to the sci-fi notion of a cyborg, basically a human fused with a machine, until it was hijacked by a certain cyberpunk writer [wikipedia.org] and converted into cyberspace, an emptiness vaster than interstellar space. For "most people", cyber- is synonymous with anything that can be done with an Internet connection. Ergo, cyber-sex, cyber-war, cyber-bullying, cyber-stalking, etc (with or without the hyphen). Sadly, a cybernaut is someone who explores cyberspace [princeton.edu] rather than a

If it's really important, don't put it on the Internet. If routing over another physical network is too expensive, encrypt it.

There. Problem solved. All I ask is 10% of what they are planning to spend on this problem. I think that's reasonable. I'll be by the Treasury to pick up my money on Tuesday. I'll be the one in the Bugatti Veyron, which the dealers will happily front me when I explain to them what I've done.

1) There is no way a defense contractor or IT company can make any money with this model.
2) It is much better to leave systems insecure and then try to patch it up with super secure OS, Software, Hardware, guard sharks and people to feed the sharks. And some TSA agents to feel you up.
3) Your suggestion makes sense.

I think you vastly misunderstand security. "Don't put it on the Internet" and "encrypt it" are good rules-of-thumb, but they rely on many assumptions, many of which we only think we understand. For example, P != NP is a fundamental assumption in cryptography, but it is unproven. It appears as if we're probably right, but we do not know for sure. The budget calls for "basic research" in security-- this means that someone who is seeking to understand security from a computational (i.e., mathematical) stan

When I was doing work requiring clearance (DoD and DoE at various times) there was a lot of stuff to understand about need to know. Having low level clerks see things I would restrict to cabinet level access is stupid, and no new research needed, just applying principles practiced in the 1970s.

Given the chance to design an access system, I would have a "can see" bit map and put characterizing bits (flags, whatever) on each item, so unless someone was cleared for all characteristics of a document or folder,

All that fancy stuff is useful in theory, but in reality will pale in comparison with boots on the ground, from both the practical and economic standpoint. A fully automated Big Brother security system sounds impressive, but you still have to keep it working and up to date over time, even if there aren't any exploitable bugs in it.

Techno P. T. Barnums are plentiful, and always ready to collect your money. And in this case, there's a politician looking for an easy answer born every minute.

I didn't talk about the President, I talked about the idea, knee-jerk. And you obviously have no idea how research grants are awarded. P. T. Barnums are pretty synonymous with defense contractors and opportunistic PhDs. It's an expensive solution that we can't afford right now, and is unlikely to produce results that are both useful and constitutional. If the fear is Wikileaks, I'm sorry, but privacy is dead, get over it and stop wasting taxpayer dollars.

You'll be surprised to discover that a great deal of computer science theory is also useful in practice. Take compiler front-ends, essentially the part that parses your written code. Before the 1970's, nearly all of this was done by hand. Now, using formal language theory, almost all of it can be automated, and recent work in grammars can produce ambiguity-free grammars for C, which is full of all kinds of nasty surprises. This means that C compilers become much simpler, produce better output, and are e

Except here we're not talking about compiler front ends, we're talking about protecting against information leaks and implementing automated surveillance robots and nanomachines. You have to ask 1) are such systems capable of eliminating whistleblower leaks given the fact we live in a country with free speech protections, 2) is that an appropriate use of taxpayer dollars, 3) are such surveillance systems cost effective for what they can actually do, and 4) can we afford this sort of thing right now?

"Kid, take the money and do something good with it" is what I once heard about this problem. That's politics. Politically, security is an easy sell. It may be stupid and misguided. And there will be some unscrupulous characters who will take the money and use it to research something like the "evil bit", and they may even convince themselves they aren't wasting money. But most will do something good, and it will even be related to security. But it does help to have oversight with at least a little bit